AWS apigateway high security documentation change
Summary
Corrected TLS negotiation behavior documentation for custom domains
Security assessment
Fixes critical documentation error about TLS policy selection. Original misstatement could lead to misconfiguration where API policies override custom domain security policies, potentially weakening TLS security.
Diff
diff --git a/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md b/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md index d4064ed3e..3ecf539bc 100644 --- a//apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md +++ b//apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md @@ -25 +25 @@ The following are considerations for security policies for custom domain names f - * Your API can be mapped to a custom domain name with a different security policy than your API. When you invoke that custom domain name, API Gateway uses the security policy of the API to negotiate the TLS handshake. If you disable your default API endpoint, this might affect how callers can invoke your API. + * Your API can be mapped to a custom domain name with a different security policy than your API. When you invoke that custom domain name, API Gateway uses the security policy of the custom domain to negotiate the TLS handshake. If you disable your default API endpoint, this might affect how callers can invoke your API.